We are living in an appified world that mobile apps are heavily used in our daily life. The popularity of these apps, particularly Android apps, stimulates many studies on their performance, security, and robustness. In this talk, I will present two novel technologies that evolve classic dynamic and static analysis to advance Android app analysis. First, we propose to perform on-device crowdsourcing that leverages users' interactions with their smartphones to discover apps' performance and security issues in the wild. We have designed and deployed two Android apps, MopEye and NetMon, for large-scale and long-term crowdsourcing studies via Google Play. Specifically, MopEye exploits VpnService and builds its own user-space TCP/IP stack to measure network round-trip delay for each app whenever there is app traffic. It hence introduces a new paradigm of measuring per-app mobile network performance. On the other hand, NetMon leverages a public interface in the proc file system to monitor open ports created by all apps on the device. The crowdsourcing enables us to observe the actual execution of open ports in 925 popular apps and 725 built-in system apps. While crowdsourcing is effective in discovering open ports, it does not reveal the code-level information for more in-depth understanding or diagnosis. We thus further propose our second technology, bytecode search, to perform effective static dataflow analysis and address the fundamental non-scalability in existing Android static tools. By applying its preliminary prototype to open port diagnosis, we find that 61.8% of the open-port apps are solely due to embedded SDKs and 20.7% suffer from insecure API usages.

Biography

Daoyuan Wu is a PhD candidate in Cybersecurity at Singapore Management University (SMU), working with Prof. Debin Gao and Robert Deng. Prior to pursuing his Ph.D. in Singapore, he received the M.Phil. degree from The Hong Kong Polytechnic University in 2015. His current research focuses on mobile security and network measurement, and he conducts systematic studies in these two areas based on program analysis and app crowdsourcing. He has published eleven academic papers, including four top-tier conference papers and one journal article. Along his research, he reported many app vulnerabilities on both Android and iOS platforms, as well as one system issue in Android (CVE-2014-7224) and one in iOS (CVE-2015-5921 with Apple iOS9 acknowledgement). He also gave two talks at HITCON, a major hacker conference in Asia.